surgemail-support <surgemailHIDDEN@firstname.lastname@example.org> wrote:
If Netwin will be doing some programming, here's a suggestion:
If sender is not already on the customer's Friends List, and if Subject contains various offending or strange phrases, then... an action.
Bounce, Redirect, Drop.
These rules can be easily setup in mfilter.rul
(Note that Surgemail already can tell you which are your friends because there will be an X-FriendScore header instead of a X-SpamDetect header. Ain't that kewl!!
Yeah, we asked for that a few years ago. Nice.
(however there are always gonna be hacked friends on AOL, Aim.com, Gmail, Hotmail, Yahoo, Web.de, etc.)
"Do Friends First" setting needs to have a checkmark... so that any Fwds from friends don't get rejected.
The legitimate ones arrive from Facebook, Linked-in or Twitter. There are other domains, mostly that pass SPF, that are scams & try to get the people to click - and most of those are infected web pages.. or they are clean pages that Refresh to an infected web page.
First, you should add the legitimate domains like Facebook, LinkedIn, Twitter into the
SPF_NoAllow setting on the SpamControl page - to automatically reject fake friend requests pretending to be from those domains. While you're there you might as well add FedEx, USPO and other frequently-faked domains. Your list will grow daily.
Then there needs to be a single line rule in mfilter.rul saying
if (isin("subject","you have notifications pending")) redirect HIDDEN@s@YourDomain.com"
so you can manage those other ones.
As more legitimate 3rd party websites contain the same features as Facebook, LinkedIn or Twitter there will be similar legit requests from those domains - which you wouldn't want to block.
Here, we are designing & hosting such powerful websites that contain such features.
Case in point: We host a website for a car club that has 315 members. We host a gun club website that has 1800+ members.
What we do here:
We have a Surgeweb account that also displays up to 35 other accounts. We have narrowed it down to 35 categories of unwanted mail. In Mfilter.rul, you redirect questionable or offending email contents (head, from, subject, body, MessageID, etc..) into one of the admin-review accounts.
If an email is ok, then Redirect to the original customer (using the surgeweb interface).
If an email is not OK, you can create more mfilter.rules to fit the situation, or you can add the offending IP address into the G_Deny list (which then becomes part of the surgemail.ini file. Then we clean out the G_Deny list every few days and move those IPs to our in-house RBL - which then blocks those (mostly foreign countries) IPs permanently.
Very few customer complaints, if any at all.